"-Synchronized-Data."

CVE Team 2021-01-04 20:01:45 +00:00
parent 764ae609ee
commit 747e9ec550
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
5 changed files with 34 additions and 4 deletions

@ -34,7 +34,7 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "In the mxf_read_primer_pack function in libavformat/mxfdec.c in FFmpeg 3.3.3, an integer signedness error might occur when a crafted file, which claims a large \"item_num\" field such as 0xffffffff, is provided. As a result, the variable \"item_num\" turns negative, bypassing the check for a large value." "value": "In the mxf_read_primer_pack function in libavformat/mxfdec.c in FFmpeg 3.3.3 -> 2.4, an integer signedness error might occur when a crafted file, which claims a large \"item_num\" field such as 0xffffffff, is provided. As a result, the variable \"item_num\" turns negative, bypassing the check for a large value."
} }
] ]
}, },
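Review bot: in the new description value, "FFmpeg 3.3.3 -> 2.4" uses an arrow that can be read as a range, a downgrade path or a typo, and it puts the higher version first. If the intent is that 2.4 is affected as well, write it in words, for example "FFmpeg 2.4 and 3.3.3" as the other descriptions updated in this commit do, or state the range explicitly if every release in between is covered.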
@ -71,6 +71,11 @@
"name": "DSA-3996", "name": "DSA-3996",
"refsource": "DEBIAN", "refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3996" "url": "http://www.debian.org/security/2017/dsa-3996"
},
{
"refsource": "CONFIRM",
"name": "https://github.com/FFmpeg/FFmpeg/commit/a4e85b2e1c8d5b4bf0091157bbdeb0e457fb7b8f",
"url": "https://github.com/FFmpeg/FFmpeg/commit/a4e85b2e1c8d5b4bf0091157bbdeb0e457fb7b8f"
} }
] ]
} }
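Review bot: the added reference is tagged "refsource": "CONFIRM", while the other GitHub commit links added in this same commit are tagged "MISC". Use one tag for upstream fix commits across these records, or record why this one is treated as vendor confirmation and the others are not.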

@ -34,7 +34,7 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "A denial of service in the subtitle decoder in FFmpeg 4.1 allows attackers to hog the CPU via a crafted video file in Matroska format, because handle_open_brace in libavcodec/htmlsubtitles.c has a complex format argument to sscanf." "value": "A denial of service in the subtitle decoder in FFmpeg 3.2 and 4.1 allows attackers to hog the CPU via a crafted video file in Matroska format, because handle_open_brace in libavcodec/htmlsubtitles.c has a complex format argument to sscanf."
} }
] ]
}, },
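Review bot: "FFmpeg 3.2 and 4.1" in the new description names two versions and leaves open whether the releases between them are affected. If the sscanf issue in handle_open_brace is present throughout, say "3.2 through 4.1"; if only these two were checked, say that, so consumers matching on version do not have to guess.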
@ -66,6 +66,11 @@
"refsource": "UBUNTU", "refsource": "UBUNTU",
"name": "USN-3967-1", "name": "USN-3967-1",
"url": "https://usn.ubuntu.com/3967-1/" "url": "https://usn.ubuntu.com/3967-1/"
},
{
"refsource": "MISC",
"name": "https://github.com/FFmpeg/FFmpeg/commit/273f2755ce8635d42da3cde0eeba15b2e7842774",
"url": "https://github.com/FFmpeg/FFmpeg/commit/273f2755ce8635d42da3cde0eeba15b2e7842774"
} }
] ]
} }

@ -34,7 +34,7 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "rom_copy() in hw/core/loader.c in QEMU 4.1.0 does not validate the relationship between two addresses, which allows attackers to trigger an invalid memory copy operation." "value": "rom_copy() in hw/core/loader.c in QEMU 4.0 and 4.1.0 does not validate the relationship between two addresses, which allows attackers to trigger an invalid memory copy operation."
} }
] ]
}, },
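Review bot: the new text "QEMU 4.0 and 4.1.0" mixes a two-part and a three-part version number, so it is unclear whether "4.0" means 4.0.0 only or the whole 4.0.x series. Write both versions at the same precision.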
@ -81,6 +81,11 @@
"refsource": "UBUNTU", "refsource": "UBUNTU",
"name": "USN-4467-1", "name": "USN-4467-1",
"url": "https://usn.ubuntu.com/4467-1/" "url": "https://usn.ubuntu.com/4467-1/"
},
{
"refsource": "MISC",
"name": "https://github.com/qemu/qemu/commit/4f1c6cb2f9afafda05eab150fd2bd284edce6676",
"url": "https://github.com/qemu/qemu/commit/4f1c6cb2f9afafda05eab150fd2bd284edce6676"
} }
] ]
} }

@ -34,7 +34,7 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "FFmpeg 4.2.3 has a use-after-free via a crafted EXTINF duration in an m3u8 file because parse_playlist in libavformat/hls.c frees a pointer, and later that pointer is accessed in av_probe_input_format3 in libavformat/format.c." "value": "FFmpeg 2.8 and 4.2.3 has a use-after-free via a crafted EXTINF duration in an m3u8 file because parse_playlist in libavformat/hls.c frees a pointer, and later that pointer is accessed in av_probe_input_format3 in libavformat/format.c."
} }
] ]
}, },
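Review bot: with the second version added, the sentence now reads "FFmpeg 2.8 and 4.2.3 has a use-after-free", a plural subject with a singular verb. Change "has" to "have", or rephrase as "FFmpeg 2.8 and 4.2.3 are affected by a use-after-free".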
@ -81,6 +81,11 @@
"refsource": "GENTOO", "refsource": "GENTOO",
"name": "GLSA-202007-58", "name": "GLSA-202007-58",
"url": "https://security.gentoo.org/glsa/202007-58" "url": "https://security.gentoo.org/glsa/202007-58"
},
{
"refsource": "MISC",
"name": "https://github.com/FFmpeg/FFmpeg/commit/6959358683c7533f586c07a766acc5fe9544d8b2",
"url": "https://github.com/FFmpeg/FFmpeg/commit/6959358683c7533f586c07a766acc5fe9544d8b2"
} }
] ]
} }

@ -101,6 +101,16 @@
"refsource": "MLIST", "refsource": "MLIST",
"name": "[ws-commits] 20210104 [ws-wss4j] branch 2_3_x-fixes updated: Updating Guava to 30.1 due to CVE-2020-8908", "name": "[ws-commits] 20210104 [ws-wss4j] branch 2_3_x-fixes updated: Updating Guava to 30.1 due to CVE-2020-8908",
"url": "https://lists.apache.org/thread.html/r215b3d50f56faeb2f9383505f3e62faa9f549bb23e8a9848b78a968e@%3Ccommits.ws.apache.org%3E" "url": "https://lists.apache.org/thread.html/r215b3d50f56faeb2f9383505f3e62faa9f549bb23e8a9848b78a968e@%3Ccommits.ws.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[cxf-commits] 20210104 [cxf] 03/04: Updating Guava to 30.1 due to CVE-2020-8908",
"url": "https://lists.apache.org/thread.html/rb8c0f1b7589864396690fe42a91a71dea9412e86eec66dc85bbacaaf@%3Ccommits.cxf.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[cxf-commits] 20210104 [cxf] 02/02: Updating Guava to 30.1 due to CVE-2020-8908",
"url": "https://lists.apache.org/thread.html/r4776f62dfae4a0006658542f43034a7fc199350e35a66d4e18164ee6@%3Ccommits.cxf.apache.org%3E"
} }
] ]
}, },